Hi, On Fri, Jan 09, 2004 at 13:29:38 +0100, Tilo Riemer wrote:
Hello,
I've discussed with Jürgen and Martin regarding unmaintained, and I now think that we should keep it and define a procedure to allow submission of changes back to it. This is because of the higher level of trust because someone from CLC at least _looked_ at it ("many eyes" as Martin called this). IMHO this is a very good argument. The important thing here is to make sure that applying submitted changes is really simple and that a lot of checks are done by scripts (e.g. footprints).
Who should be able to submit changes? If someone can change Pkgfile he should also be able to change footprints. And he could replace a link with a link pointing at a backdoor... Yeah, that's very true. It's still a lot better if it's reviewed, right? I consider it an improvement if someone independent had a look at it compared to just using the same port from someone's httpup repo. It's just a higher level of trust, not a perfect secure solution.
Regards, Johannes -- Johannes Winkelmann mailto:jw@tks6.net Biel, Switzerland http://jw.tks6.net